Target Needs to Review Its Crisis Response Procedures
A week ago, Target knew that its servers had been breached and that information about perhaps 40 million shoppers had fallen into the hands of thieves. The company failed to make the information public for several days. As one disgruntled shopper put it, "Shop and Target and become a target."
Here's the information you need: If you used a credit or debit card at Target stores between Thanksgiving and the 15th of December, you will need to change your PIN (debit cards) or obtain a new card from your financial institution (credit cards).
An important note here: Transactions at target.com were apparently not compromised, only those transactions made at brick and mortar stores.
The hackers compromised registers inside nearly 2000 Target stores. As people used their cards to make purchases, the crooks were able to grab every bit of information. Security analyst Brian Krebs broke the story.
The thieves now have the information they need to manufacture 40 million credit and debit cards and the credentials they need to withdraw cash from ATMs.
If you want to contact Target concerning the breach and precautionary steps you should take, call 866-852-8680. At the very least, it would seem prudent to contact your financial institution immediately and have your current card canceled.
4G for People Who Don't Need 4G
December seemed like a good time to have a hot spot. After all, the temperature was hovering around 10 and I thought a little warmth would be helpful. Then I realized that hot spots don't emit any heat, but they sure can be handy. I'm one of those strange people who feels no need to be connected to the Internet every moment of the day. Maybe you are, too. But I have to admit that being able to connect occasionally when I'm not near a Wi-Fi access point would be useful.
As it turns out, several companies provide devices that establish your own personal wi-fi hotspot via a connection to a cellular network.
People who have smart phones already have this technology built in and, although having built-in Internet access would be nice, I find that the cost of my cellular telephone service (about $10 per month on a pay-as-you-go plan) is even nicer. The lowest cost cellular data plans are usually at least $40 and they provide far more data than I would need.
Maybe someday a cellular provider will create a plan that charges nothing other than the basic voice rate on days when the user doesn't need to use the phone for Internet access and charges a daily fee ($3 or $4 perhaps) for service on any day that the phone is used for Internet access. Perhaps that makes too much sense from the consumer's point of view for a cellular provider to consider it.
So since that's probably not going to happen, I decided to sign up for a NetZero Mobile Broadband account. The first consideration has to be whether service exists in your area. NetZero will switch to another broadband provider within the next year, one that will provide better coverage. For now, though, you'll be on the Clear Network. Perhaps it's called that because so much of the United States map is clear of any indication that Clear exists.
If you're in a big city, you're probably OK. Columbus, Cincinnati, Cleveland, Pittsburgh, and Harrisburg are among cities where Clear has coverage. Toledo, Detroit, New Orleans, and several entire states in the northern plans (Wyoming, the Dakotas, Nebraska, and Iowa, for example), along with several states in the southwest (Arizona and New Mexico) and some in the south (Arkansas and Louisiana) have no coverage at all.
Even within cities, the coverage isn't always very good. Note the areas in white north of Upper Arlington and east of Gahanna. Even where I live and the map is green, the best signal strength I can muster is a single bar. Fortunately, I don't need the service at home.
The good news is that improvements are coming. Scott Matulis at NetZero's parent company, United Online, says "We have signed a five-year agreement with Sprint to offer the NetZero Mobile Broadband service via Sprint’s 4G LTE and 3G networks. We expect that our NetZero Mobile Broadband service over the Sprint network will launch in 2014." Sprint's 4G service in central Ohio has been slow to be rolled out, but it's beginning to cover the city.
Sprint has far better coverage throughout the country ...
... and central Ohio is nearly solid green.
NetZero makes 2 devices, a USB stick that can be used with any laptops and netbooks. I wanted to use the service with a hand-held tablet, so I needed the NetZero 4G Hotspot. The NetZero device connects to the cellular service and then provided a local password-protected wi-fi signal that can be used by up to 8 devices.
The USB stick costs $50 and the hotspot is $100, but NetZero seems to have an ongoing half-price sale for anyone who signs up for a program that costs at least $20 per month. The data plans range from "free" to $50 per month. The free plan requires that you purchase one of the devices at full price and it's good only for a year. After that, you must sign up for a paid program and it's good for only 200MB of data per month.
A $10 plan still requires that you buy the device at full price, but provides 500MB of data per month. The $20 plan includes 2GB of data, for $35 the limit is 4GB, and 8GB is the limit at $50. All of the paid plans have recently doubled their capacity.
The hotspot is relatively large, about 3.5 inches square and more than half an inch thick. When powered on, the device displays the SSID (TechByterMob4G in my case) and the password (which I've obscured in the image here.) Displaying the password may be handy, but it certainly seems to be a bad idea from a security standpoint! If you lose the device, anybody who finds it can use it.
Log on to your account at NetZero.net and you can see how much of your data allotment has been consumed during the current month ...
... and whether you're set to LightSpeed (slower) or WarpSpeed (faster). By default, plans that cost $20 or more per month are set to WarpSpeed. Choosing LightSpeed caps downloads to 1Mbps and WarpSpeed allows 10Mbps.
There's also a panel that shows the device's MAC address and its serial number. A media access control (MAC) address is a unique identifier assigned to network interfaces for communications on the physical network segment.
If you need to do a lot of work on the Internet when you're mobile, you'll probably be better off with a traditional cellular plan that includes a data option for your phone, but if your needs are relatively modest (2GB per month or less), the NetZero 4G Hotspot is a good choice. For those who need more, take a look at plans such as those from Virgin Mobile, which has unlimited data plans at $50 per month.
I'm not going to rate this device just yet because I've owned it for only a couple of weeks. So far, it seems to work as expected and, when the Sprint becomes the network provider next year, I would expect it to work better. It does seem to chew up a bit of bandwidth as the hotspot chats with the network to maintain its connection. In an ideal world, network administration chatter wouldn't count against the user's bandwidth limit. You may have noticed, though, that we do not live in an ideal world.
Dear NSA: Cut It Out! (White House Panel)
That sound you heard mid week was the other shoe dropping in Washington. Presidential advisors have told President Obama that it's time to stop the National Security Agency's policy of collecting information about phone calls placed by all Americans and to restrict future snooping to instances when they have obtained a court order. Not that a court order is particularly difficult to obtain.
The White House made a 300-page report available this week. In that report, 5 intelligence and legal experts also addressed the issue of spying on the leaders of foreign countries. The report says that such spying needs to be considered in light of its potential for causing diplomatic problems.
The president ordered the report following revelations by former NSA security contractor Edward Snowden.
The president must decide which communications should be monitored, the report said, and the decision cannot be left to the intelligence agencies. The report even goes so far as to suggest that the Privacy Act of 1974 should apply to foreigners just as it applies to American citizens.
The report seems to be a top-to-bottom condemnation of NSA operations. The NSA should stop secretly collecting flaws in common computer programs and using them to create cyberattacks, the report says, because the technique undermines confidence in American products. These kinds of flaws were essential in the cyberattacks that the United States and Israel launched on Iran.
And the experts said that the NSA should stop trying to undermine encryption standards that are commonly used by businesses.
The report says that the NSA should no longer have the authority to conduct many of its current operations without review by the president, Congress, or the courts.
Earlier in the week, a federal court decision declared that the bulk collection of telephone data is almost certainly unconstitutional.
Some of the report's recommendations could be put into effect by the president, but others would require legislation from Congress. Given the current state of Congress, it's unlikely that any changes that require legislation will be enacted. As for the president, he has already indicated that some of the report's recommendations will be ignored. For example, splitting command of the NSA, the surveillance unit, from the United States Cyber Command, the cyberwarfare unit.
Short Circuits
Facebook Decides to Annoy Even More Users
How excited would you be about the prospect of finding a video in your Facebook news stream, a video that starts playing automatically? Facebook thinks this is a really good idea.
Starting this week, some "lucky" Facebook users saw the future of Facebook. At least Facebook has decided to mute the videos unless the user clicks it. But mobile users might be concerned about the bandwidth used and all users might be annoyed by the motion.
This isn't unexpected, but it is unwelcome. Facebook announced months ago that it planned to try several video options. It's been possible to post videos previously, but until now they have played only when the user wants them to play. Now you don't have a choice.
Facebook isn't talking about how many coins it will need to allow advertisers to inflict this "feature" on users, but the general expectation is that advertisers will pay $1 million per day for 15-second commercials. The test ad -- the one you might see -- is for the soon-to-be-released film, "Divergent".
CEO Mark Zuckerberg apparently is worried that these videos could annoy mobile users if the consume too much bandwidth on mobile devices. That, so the story goes, is why the audio won't play automatically. Perhaps Zuckerberg should ask a Facebook network engineer to explain the differences between the (large) amount of bandwidth video needs and the (small) amount of bandwidth required by audio.
Or maybe he already did. The video ads will run on desktop systems, but they won't play automatically on smart phones or tablets unless they're connected via wi-fi.
On Delta, No Phone Calls
The Federal Communications Commission may well be reconsidering rules against making cell phone calls on airplanes, but one airline has already stepped forward to say "Not on our planes!" That airline is Delta.
Current FCC and FAA rules prohibit voice calls on planes, but the FAA recently relaxed other rules on the use of electronic devices and there are indications that the FCC will allow the use of cell phones during flights.
Flight attendants oppose the use of cell phones when planes are in the air and Delta CEO Richard Anderson sent a memo to employees saying that the airline will not allow cell calls or Internet-based voice communications on Delta's flights or on those operated by its regional carriers.
Anderson says that customer research shows that frequent fliers say voice calls would be unwelcome and most customers who participated in a 2012 survey said the ability to make voice calls would make their experience worse.
Ready for a Car that Runs on Hydrogen?
This isn't the typical fare for TechByter Worldwide, but it is about technology and it is important. What if the cars we drive could run on a fuel that creates no harmful emissions? And what if that fuel cost about the same as gasoline?
Welcome to the world of hydrogen fuel cell cars.
This week three automakers unveiled hydrogen fuel cell vehicles that are expected to be in dealers' showrooms early next year.
Hyundai, Toyota, and Honda expect to make these vehicles available in the near future. Hyundai will be first. Their Tucson small SUV will be available for lease next spring. Toyota will have a fuel cell car by 2016 in the US and Honda is shooting for 2015.
Hydrogen-powered vehicles don't have the range restrictions of electric cars, but refueling stations are virtually non-existent and the cars are expensive to build. Still, the fuel prices are now in range.
These cars use a chemical process that essentially tears electrons from inside the hydrogen molecule to generate the electricity that runs the car.
The hydrogen isn't burned, so there's no pollution, just water and heat. The cars would have a tailpipe, but the only emission would be water vapor.
Not All Internet Crooks are Evil Geniuses
People who want you to send them advance payments so that they can ship your $10 million from a long-lost relative in Nigeria depend on their marks being stupid. That's one of the reasons messages about amazing wealth come from one of the poorest nations on earth. But those who want to plant a virus on your computer need to reach the widest possible audience and that means the messages have to be more believable. It amuses me when one that's transparently phony.
I receive a fair number of messages from Adobe, so it wasn't too surprising to see a message about a license key from adobe.com. Oh, wait, that's adobes.com. Alarm bells are now ringing.
The message slipped past MailWasher Pro because it doesn't contain anything that clearly identifies it as a fraudulent message, but that extra S in the domain name and the reference to the antique CS4 version clearly identified the message as a fraud. CS4 was followed by CS5, CS5.5, CS6, and now Creative Cloud. Adobe hasn't sold this version for years.
Rather than delete it from the server, I thought that I would download the message and see what its game was. That was foiled by Avast Antivirus.
The antivirus program recognized the attachment as a malware installer and deleted it, but it provided more evidence that not all the crooks out there are intelligent. Installation keys are invariably text files and never carry an "exe" extension. But even more ludicrous is the crook's choice of a file name: "thunderbird.exe". Wouldn't it be more believable with a name such as "adobeCS4.exe"?
Stupid Screenshot of the Week
Everybody needs protective software and the stronger the protections, the better. Unfortunately, Avast got a bit carried away this week and protected me from an automatic update ... from Avast.
No Program Next Week
Christmas is next Wednesday and it's followed by New Year's a week later. As always, TechByter Worldwide will be quiet next week and will return on January 5, 2014.